The Joys of Air Travel and Secure, Multi-tenant Clouds

This post starts with a story. A coworker (and I link to give proper geek credit where it’s due) and I were on a late Friday night flight coming home from a tiring week of meetings. After a long, bumpy ride, we finally landed back in Boston, and neither of us wanted anything more than to get in our respective cabs and get home. Of course, as soon as the lights came on, we were forced to endure a painfully loud, obnoxious conversation behind us. As we rolled our eyes, my coworker said: “This is why airplanes need network containers.”

So, how did she get from our cramped airplane to network containers? It’s quite simple really. Just as a number of tenants have to co-exist in a shared cloud infrastructure, we are all forced to sit next to people we don’t know when we travel. Now, they may be very nice people, they may speak another language, or they might even be from our competitor. We don’t have a lot of choice as to who we sit next to; likewise, in a typical IaaS or PaaS cloud, we don’t have a lot of choice as to what workloads are running on the same physical hardware or networks that we’re on. Airplanes and cloud computing are both multi-tenant.

In the case of a plane, we have to assume the worst case, that whoever is sitting next to us is from our closest competitor. It’s not a good idea to work on sensitive documents while someone is peering over your shoulder. Privacy screens work, to a point, shielding our seatmates from our sensitive documents. The reality is that we can’t ensure privacy on an airplane because there are no barriers between us and the random people around us.

That level of security won’t work in the cloud. For a multi-tenant cloud to be secure, there must be logical barriers between tenants, so that they can share resources securely. The whole concept of a multi-tenant cloud would fail pretty quickly if we had access to the data and workloads that were running close to us. And that’s where network containers come in. Network containers enable you to create and manage many concurrent tenant networks in a single cloud. Your tenants’ applications run securely, separately, as if they were in different datacenters, while you manage the cloud.

The concept is neat and simple, but the devil is in the details. Actually creating secure multi-tenant networks in a self-service, automated cloud is where many vendors fail. It takes a good amount of cooperation between vendors to get this to work across heterogeneous environments. Those looking to perform technical POCs when evaluating cloud vendors would be well served to zero in on this critical cloud use case. It’s important not just to create multi-tenant networks, but to do so in a way that does not impact the overall delivery of business services. If every request for a new tenant had to go to a network team to configure a new network, you would quickly lose any agility that a cloud would otherwise unlock.

Network containers make multi-tenant networks secure. And if we could just find a way to turn that into personal privacy barriers on airplanes, we might finally get some work done when we’re actually in the clouds.